This Is the New Leader of Russia’s Infamous Sandworm Hacking Unit

For years, the hacking unit within Russia’s GRU military intelligence agency known as Sandworm has carried out some of the worst cyberattacks in history—blackouts, fake ransomware, data-destroying worms—from behind a carefully maintained veil of anonymity. But after half a decade of the spy agency’s botched operations, blown cover stories, and international indictments, perhaps it’s no surprise that pulling the mask off the man leading that highly destructive hacking group today reveals a familiar face.

The passport Evgenii Serebriakov used to enter the Netherlands in 2018.

Photograph: Department of Justice

The commander of Sandworm, the notorious division of the agency’s hacking forces responsible for many of the GRU’s most aggressive campaigns of cyberwar and sabotage, is now an official named Evgenii Serebriakov, according to sources from a Western intelligence service who spoke to WIRED on the condition of anonymity. If that name rings a bell, it may be because Serebriakov was indicted, along with six other GRU agents, after being caught in the midst of a close-range cyberespionage operation in the Netherlands in 2018 that targeted the Organization for the Prohibition of Chemical Weapons in the Hague.

In that foiled operation, Dutch law enforcement didn’t just identify and arrest Serebriakov and his team, who were part of a different GRU unit generally known as Fancy Bear or APT28. They also seized Serebriakov’s backpack full of technical equipment, as well as his laptop and other hacking devices in his team’s rental car. As a result, Dutch and US investigators were able to piece together Serebriakov’s travels and past operations stretching back years and, given his newer role, now know in unusual detail the career history of a rising GRU official.

According to the intelligence service sources, Serebriakov was placed in charge of Sandworm in the spring of 2022 after serving as deputy commander of APT28, and now holds the rank of colonel. Christo Grozev, the lead Russia-focused investigator for open source intelligence outlet Bellingcat, has also noted Serebriakov’s rise: Around 2020, Grozev says, Serebriakov began receiving phone calls from GRU generals who, in the agency’s strict hierarchy, only speak to higher-level officials. Grozev, who says he bought the phone data from a Russian black market source, says he also saw the GRU agent’s number appear in the phone records of another powerful military unit focused on counterintelligence. “I realized he must be in a command position,” says Grozev. “He can’t just be a regular hacker anymore.”

The fact that Serebriakov appears to have attained that position despite having been previously identified and indicted in the failed Netherlands operation suggests that he must have significant value to the GRU—that he’s “apparently too good to dump,” Grozev adds.

Serebriakov’s new position leading Sandworm—officially GRU Unit 74455 but also known by the nicknames Voodoo Bear and Iridium—puts him in charge of a group of hackers who are perhaps the world’s most prolific practitioners of cyberwar. (They’ve also dabbled in espionage and disinformation campaigns.) Since 2015, Sandworm has led the Russian government’s unprecedented campaign of cyberattacks on Ukraine: It penetrated electric utilities in western Ukraine and Kyiv to cause the first- and second-ever blackouts triggered by hackers and targeted Ukrainian government agencies, banks, and media with countless data-destructive malware operations. In 2017, Sandworm released NotPetya, a piece of self-replicating code that spread to networks worldwide and inflicted a record $10 billion in damage. Sandworm then went on to sabotage the 2018 Winter Olympics in Korea and attack TV broadcasters in the nation of Georgia in 2019, a shocking record of reckless hacking.

#Leader #Russias #Infamous #Sandworm #Hacking #Unit


Related Posts

Childrens’ data feared stolen in Fortra ransomware attack

The fallout from Fortra’s mass ransomware attack continues to widen as the hackers claim a new victim: a children’s virtual mental health care startup. In a data…

Astronomers Stunned by Brightest Gamma Ray Burst Ever Recorded

On October 9, 2022, a gamma ray burst brighter than any before seen swept across Earth and space-based detectors. A team scrambled to take follow-up observations at…

One Man’s Quest to Revive the Great American Vacuum Tube

Predictably, it was harder than Whitener thought. It took him two years to persuade AT&T, which hadn’t made a tube since 1988 but still owned Western Electric,…

Best outdoor speakers for your backyard or patio in 2023

A backyard hangout isn’t complete without some tunes, and the best outdoor speakers make it easy to bring the party out into the sunshine. Even if you’re…

HP’s new Victus gaming laptop might be the cheapest way to get an RTX 4070

For those (like myself) who get a little pit in their stomachs every time they see how much any given year’s best gaming laptops cost, the HP…

Neubility plans to roll out 400 lidar-free delivery and security robots by year-end

Last-mile robotics startup Neubility — which makes autonomous delivery robots that work without lidar — says that it plans bump its fleet up to 400  by the…

Leave a Reply

Your email address will not be published. Required fields are marked *